(No Ratings Yet)
Loading ...please help me to analyse the files hijackthis detact as below?
RegCureLogfile of HijackThis v1.99.1
Scan saved at 16:50:32, on 2007-3-4
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINNTSystem32smss.exe
C:WINNTsystem32winlogon.exe
C:WINNTsystem32services.exe
C:WINNTsystem32lsass.exe
C:WINNTsystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINNTsystem32spoolsv.exe
C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
C:WINNTsystem32svchost.exe
C:Program FilesAheadInCDInCDsrv.exe
C:Program FilesNorton AntiVirusnavapsvc.exe
C:Program FilesNorton AntiVirusAdvToolsNPROTECT.EXE
C:WINNTsystem32regsvc.exe
C:WINNTsystem32MSTask.exe
C:WINNTsystem32stisvc.exe
C:WINNTSystem32WBEMWinMgmt.exe
C:WINNTsystem32svchost.exe
C:WINNTExplorer.EXE
C:WINNTsystem32internat.exe
c:progra~1intern~1iexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesRogersSelfHealingrogersagent.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:WINNTsystem32mshta.exe
C:iE6HijackThis.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com/
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.yahoo.com/
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com/
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = C:Program FilesCommon FilesMicrosoft SharedStationeryBlank.htm
R3 – URLSearchHook: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:Program FilesYahoo!CompanionInstallscpn8yt.dll
O2 – BHO: Yahoo! Toolbar Helper – {02478D38-C3F9-4EFB-9B51-7695ECA05670} – C:Program FilesYahoo!CompanionInstallscpn8yt.dll
O2 – BHO: Share Accelerator MM Toolbar – {4596013b-6c31-408b-a266-deae5c086dc2} – C:Program FilesShare_Accelerator_MMtbShar.dll
O2 – BHO: (no name) – {53707962-6F74-2D53-2644-206D7942484F} – C:Program FilesSpybot – Search & DestroySDHelper.dll
O2 – BHO: Yahoo! IE Services Button – {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} – C:Program FilesYahoo!commonyiesrvc.dll
O3 – Toolbar: Share Accelerator MM Toolbar – {4596013b-6c31-408b-a266-deae5c086dc2} – C:Program FilesShare_Accelerator_MMtbShar.dll
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:Program FilesYahoo!CompanionInstallscpn8yt.dll
O4 – HKLM..Run: [TkBellExe] “C:Program FilesCommon FilesRealUpdate_OBrealsched.exe” -osboot
O4 – HKLM..Run: [Synchronization Manager] mobsync.exe /logon
O4 – HKCU..Run: [internat.exe] internat.exe
O4 – HKCU..Run: [msnmsgr] “C:Program FilesMSN Messengermsnmsgr.exe” /background
O4 – HKCU..Run: [VoipDiscount] “C:Program FilesVoipDiscount.comVoipDiscountVoipDiscount.exe” -nosplash -minimized
O4 – HKCU..Run: [FreeCall] “C:program filesfreecall.comfreecallfreecall.exe” -nosplash -minimized
O4 – HKCU..Run: [Yahoo! Pager] “C:Program FilesYahoo!MessengerYahooMessenger.exe” -quiet
O4 – HKCU..Run: [SHS] “C:Program FilesRogersSelfHealingSHS.exe” /background
O4 – HKCU..Run: [RogersAgent] c:Program FilesRogersSelfHealingrogersagent.exe
O4 – HKCU..Run: [Windows Registry Repair Pro] C:Program Files3B SoftwareWindows Registry Repair ProRegistryRepairPro.exe 4
O4 – HKCU..Run: [Bleh Idle] C:DOCUME~1ADMINI~1APPLIC~1INTRAG~1eqflawstupid.exe
O4 – HKCU..RunOnce: [ypagerps6] cmd.exe /C del “C:Program FilesYahoo!Messengerypagerps6.DLL”
O8 – Extra context menu item: &Yahoo! Search – file:///C:Program FilesYahoo!Common/ycsrch.htm
O8 – Extra context menu item: Yahoo! &Dictionary – file:///C:Program FilesYahoo!Common/ycdict.htm
O8 – Extra context menu item: Yahoo! &Maps – file:///C:Program FilesYahoo!Common/ycmap.htm
O8 – Extra context menu item: Yahoo! &SMS – file:///C:Program FilesYahoo!Common/ycsms.htm
O9 – Extra button: Yahoo! Services – {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} – C:Program FilesYahoo!commonyiesrvc.dll
O10 – Unknown file in Winsock LSP: c:winntsystem32toonjoke.dll
O10 – Unknown file in Winsock LSP: c:winntsystem32toonjoke.dll
O16 – DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) – C:Program FilesYahoo!Commonyinsthelper.dll
O23 – Service: AVG7 Alert Manager Server (Avg7Alrt) – GRISOFT, s.r.o. – C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
O23 – Service: AVG7 Update Service (Avg7UpdSvc) – GRISOFT, s.r.o. – C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 – Service: Symantec Password Validation Service (ccPwdSvc) – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 – Service: Logical Disk Manager Administrative Service (dmadmin) – VERITAS Software Corp. – C:WINNTSystem32dmadmin.exe
O23 – Service: Google Updater Service (gusvc) – Google – C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 – Service: InCD Helper (InCDsrv) – Ahead Software AG – C:Program FilesAheadInCDInCDsrv.exe
O23 – Service: InCD Helper (read only) (InCDsrvR) – Ahead Software AG – C:Program FilesAheadInCDInCDsrv.exe
O23 – Service: Norton AntiVirus Auto Protect Service (navapsvc) – Symantec Corporation – C:Program FilesNorton AntiVirusnavapsvc.exe
O23 – Service: Network Tran mngr (Network Tran) – Unknown owner – c:winntsystem32flashtem.exe
O23 – Service: Norton Unerase Protection (NProtectService) – Symantec Corporation – C:Program FilesNorton AntiVirusAdvToolsNPROTECT.EXE
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:PROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedSecurity CenterSymWSC.exe
O23 – Service: TPK host (TPK) – Unknown owner – C:WINNTsystem32TaskPK.exe (file missing)
Posted in 
Tags: 2 Responses to “please help me to analyse the files hijackthis detact as below?”
This is not an appropriate site to post Hijack This logs. You have no knowledge of the person who will advise you.
You need to go to one of the many sites that accept HJT logs and have professionals instruct you in what to delete. Tom Coyote, Bleeping Computer, Major Geeks, and many others have forum for this purpose.
http://www.registry-Cleaners.info
(Report comment)
Copy your results and paste them here
http://www.hijackthis.de/
then click analyze.
http://www.registry-Cleaners.info
(Report comment)